ACS-LDAP authentication

aamircisco · ‎10-20-2013

Hi all,

i am facing an issue authentication ACS with LDAP server . Getting an error mentioned below. Needs solution urgently.

RADIUS Status:

Evaluating Identity Policy

15006 Matched Default Rule

15013 Selected Identity Store -

22043 Current Identity Store does not support the authentication method; Skipping it.

22056 Subject not found in the applicable identity store(s).

22058 The advanced option that is configured for an unknown user is used.

22061 The 'Reject' advanced option is configured in case of a failed authentication request.

11815 Inner EAP-MSCHAP authentication failed

11520 Prepared EAP-Failure for inner EAP method

22028 Authentication failed and the advanced options are ignored.

12305 Prepared EAP-Request with another PEAP challenge

11006 Returned RADIUS Access-Challenge

11001 Received RADIUS Access-Request

11018 RADIUS is re-using an existing session

12304 Extracted EAP-Response containing PEAP challenge-response

12307 PEAP authentication failed

11504 Prepared EAP-Failure

11003 Returned RADIUS Access-Reject

Regards,

AAMIR

Jatin Katyal · ‎10-26-2013

Aamir,

I'm sure you've got this resolved still adding my inputs in case someone else facing the same issue.

The reason why you're seeing this error message

22043  Current Identity Store does not support the  authentication method

because LDAP doesn't support PEAP-MSCHAPv2. It only supports PAP in non-EAP requests and EAP-TLS, EAP-GTC and PEAP-GTC in EAP requests.

/eap_pap_phase.html#wp1014889

If you can't change the EAP flavor in your network, then you can migrate to Active directory as it supports peap-mschapv2.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin